Avactis Shopping Cart contains a flaw that allows a remote sql injection attacks.Input passed to the "category_id" parameter in "store_special_offers.php" and "store.php" isn't properly sanitised before being used in a SQL query.Input passed to the "prod_id" parameter in "cart.php" and "product_info.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/store_special_offers.php?asc_action=SetCurrCat&category_id=1[SQL]

/cart.php?asc_action=AddToCart&prod_id=1[SQL]

/store.php?asc_action=SetCurrCat&category_id=[SQL]

/product_info.php?asc_action=SetCurrentProduct&prod_id=[SQL]

2. xss

Avactis Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "category_id" parameter in "store.php","store_special_offers.php" and input passed to "prod_id" parameter in "product_info.php" isn't properly sanitised before being returned to the user.This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.